### This is our home dir TRUSTLET_DIR := $(KINIBI_TA_BUILD_ROOT)/kinibi_source/tz_hdm/Locals/Code ### Output name without path or extension OUTPUT_NAME := tl_tz_hdm ### Mobiconvert parameters TRUSTLET_UUID := ffffffff000000000000000000000094 TRUSTLET_MEMTYPE := 2 # 2: ERAM TRUSTLET_NO_OF_THREADS := 1 # min =1; max =8 TRUSTLET_SERVICE_TYPE := 3 # 1: driver; 2: service provider trustlet; 3: system trustlet TRUSTLET_INSTANCES := 1 TRUSTLET_FLAGS:= 0 # # Attention: # Setting CFG_RPMB_KEY_PROGRAMED_IN_KERNEL as 1 means accepting the risk of revealing key in # Linux Kernel. Mediatek won�t take the responsibility for loss incurred by the key revealing. # CFG_RPMB_KEY_PROGRAMED_IN_KERNEL := 0 LOCAL_CFLAGS += -DCFG_RPMB_KEY_PROGRAMED_IN_KERNEL=$(CFG_RPMB_KEY_PROGRAMED_IN_KERNEL) #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- $(info [HDM] Used KINIBI ver $(KINIBI_VERSION)) ### Setup signing and building (toolchains) ifeq ($(TA_TARGET_SOC), mt6768) RUNTYPE := gd_mobicore410_trustlet # $KINIBI_VERSION == "410A" TRUSTLET_SIGN_CONF := "-s 3 -n 1 -i 3 -m 2 -f 8 -sh 2097152 -mh 4194304" API_LEVEL := 5 TOOLCHAIN := ARM else $(error [HDM] invalid TA_TARGET_SOC $(TA_TARGET_SOC)) endif ### TBASE_API_LEVEL ifeq ($(KINIBI_VERSION), 400C) ifeq ($(API_LEVEL), 5) ### TOOLCHAIN : ARM TBASE_API_LEVEL := 5 endif else ifeq ($(KINIBI_VERSION), 410A) ifeq ($(API_LEVEL), 5) ### TOOLCHAIN : ARM TBASE_API_LEVEL := 5 else ifeq ($(API_LEVEL), 11) ### TOOLCHAIN : GNU TBASE_API_LEVEL := 11 endif else $(error [HDM] invalid KINIBI ver $(KINIBI_VERSION), API level $(TBASE_API_LEVEL)) endif #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # Files and include paths - Add your files here #------------------------------------------------------------------------------- ### Add include path here INCLUDE_DIRS += \ $(TRUSTLET_DIR) \ $(TRUSTLET_DIR)/inc \ $(TRUSTLET_DIR)/inc/shared \ $(TRUSTLET_DIR)/inc/tz_common ### Add source code files for C++ compiler here SRC_CPP += \ $(TRUSTLET_DIR)/src/tz_hdm_main.c \ $(TRUSTLET_DIR)/src/process_cmd.c \ $(TRUSTLET_DIR)/src/hdm_response.c \ $(TRUSTLET_DIR)/src/hdm_json.c \ $(TRUSTLET_DIR)/src/hdm_utils.c \ $(TRUSTLET_DIR)/src/hdm_x509.c \ $(TRUSTLET_DIR)/src/hdm_core.c \ $(TRUSTLET_DIR)/src/hdm_jws.c \ $(TRUSTLET_DIR)/src/hdm_hypervisor.c \ $(TRUSTLET_DIR)/src/hdm_drk.c \ $(TRUSTLET_DIR)/src/hdm_hash.c \ $(TRUSTLET_DIR)/src/hdm_wrapper.c \ $(TRUSTLET_DIR)/src/hdm_rpmb.c \ $(TRUSTLET_DIR)/src/shared/base64.c \ $(TRUSTLET_DIR)/src/tz_common/buffer_utils.c \ $(TRUSTLET_DIR)/src/tz_common/TBASE_TZ_Vendor.c \ $(TRUSTLET_DIR)/src/tz_common/TlApiDrTima.c # Usage of SCrypto EXTRA_LIBS += $(TZ_SCRYPTO_LIB32) INCLUDE_DIRS += $(TZ_SCRYPTO_HEADER_PATH) TA_LINK_OPTS += --diag_suppress=L6367E TA_LINK_OPTS += --diag_suppress=L6366E TA_LINK_OPTS += --diag_suppress=L6200E TA_LINK_OPTS += --diag_suppress=L6242E # RPMB libs EXTRA_LIBS += $(TRUSTLET_DIR)/lib/drrpmb_gp_api.lib EXTRA_LIBS += $(TRUSTLET_DIR)/lib/msee_fwk_ta.lib ### Add source code files for C compiler here SRC_C += ### Add source code files for assembler here SRC_S += # nothing # for Debug log ifneq ($(filter eng userdebug, $(TARGET_BUILD_VARIANT)),) $(info DEBUG_HDM) ARMCC_COMPILATION_FLAGS += -DDEBUG_HDM endif ARMCC_COMPILATION_FLAGS +=\ -DMOBICORE \ -DOPENSSL_FIPS \ -D_AEABI_PORTABILITY_LEVEL=1 \ -D__ARMCC__ \ -D__TRUSTONIC_TEE__ #Include ICCC include $(KINIBI_TA_BUILD_ROOT)/kinibi_source/tz_iccc_common/iccc_config.mk #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # Use generic make file #------------------------------------------------------------------------------- include $(TLSDK_DIR_SRC)/trustlet.mk #Run FIPS and re-sign axf file generating tlbin (overwrites the previous generated by truslet.mk) run_fips_tools: $(TA_AXF) $(TZ_SCRYPTO_TOOLS_PATH)/run_fips_tools.sh $(TA_AXF) java -jar $(TLSDK_DIR_SRC)/Bin/MobiConvert/signclient.jar \ -model MT6768_MOBICORE \ -runtype $(RUNTYPE) \ -input $(TA_AXF) \ -output $(TA_BIN) \ -conf_str $(TRUSTLET_SIGN_CONF) all: run_fips_tools